Observatory

News

Digital Realty, a data center supplier, has conducted a survey over several companies based in the United Kingdom, France, Germany and Spain. Among the European companies, 90% have planned to expand their data center this year or next year. In addition, this study reveals that security issues and data recovery incidents remain major concerns for businesses.

The bill designed to help combat cyberthreats, Cispa (Cyber Intelligence Sharing and Protection Act) was passed the American House. Cispa introduces protection and sharing of critical intelligence between businesses and administrations, for the sake of cybersecurity. Massively disputed, included within the Senate and the White House, the bill is likely to be rejected provided it remains as such. The Anonymous have already called for an internet blackout to show protest. It was mildly followed, the contestation against Cispa taking place in the Senate from now on.

Flaws in airplanes navigation systems have been discovered by Hugo Teso, a researcher from the German firm N.Runs. They allow hackers to take remote control of any airplane flying the navigation systems designed by firms including Thales, Honeywell or Rockwell Collins. Using an android app he designed, he demonstrated how he could alter airplanes flight plans, exploiting the lack of authentication of the ACARS protocol. Although it has been developed using flight simulators, it is likely that this theoretical demonstration could be applied to actual airplanes. Aeronautics firms already have approached Hugo Teso to work on navigation systems security.

According to a global study by KPMG, less than 10% of French companies believe that cloud computing is an opportunity to transform their processes against 23% in Germany and 34% in Italy although security is no longer seen as a barrier to the deployment of cloudÂ : 30% of companies believe that the first security risk is the loss or corruption of data and 21% fear the risk of intellectual infringment.

A global study by the Ponemon Institute for Juniper Networks reveals that French companies are struggling to protect themselves from cyber attacks that threaten their networks. This difficulty is due to the number of consumer devices and applications introduced in the workplace. 65% of French companies believe that the migration of on-premise systems to cloud environments is also a significant threat to network security.

The Anonymous launched, as scheduled, the campaign OpIsrael, aiming at erasing Israel from the cyberspace. Baked up by many hackers, the operation was well contained by Israeli authorities but still affected several institutional websites such as the ministries of Defence, Education or Foreign Affairs, but also the oil company ALON. Israel officials said they were better prepared than back in 2012 when they endured a large cyberattack on banks and the market place, managing to reduce damages caused by OpIsrael. An Israeli hacking group retaliated, defacing several attackersâ€™ websites and threatening of further stronger actions.

The Cyber Intelligence Sharing and Protection Act (CISPA, or H.R. 624) has a number of fundamental flaws that threaten civil liberties. The bill is intended to give companies in the private sector clear authority to share more cyber threat information. CDT supports more cybersecurity information sharing. However, CISPA goes overboard in the authorities it grants, it lacks critically necessary civil liberties protections, and it inadvertently authorizes and immunizes conduct that itself constitutes a cybersecurity crime.

According to the legal experts who helped drawing NATOâ€™ Tallinn Manual, Stuxnet would match the definition of an armed attack. The Tallinn Manual on the International Law Applicable to Cyber Warfare defines rules of cyberwarfare, including the prohibition of the use of force, constituted by â€śany cyber operation which rises to the level of an armed attack in terms of scale and effects and which is conducted by or otherwise attributed to a stateâ€ť. These experts agreed that Stuxnet was an act of force but argued whether the malware constituted an armed attack, and whether self-defence could be invoked. Either way, some did consider Stuxnet an armed attack and a crime because it occurred before any actual open conflict was engaged.

South Korea, with the help of the US, is to beef up its cyber security, days after the countryâ€™s major broadcasters and banks were subjected to a major cyber attack. The ministry has also sent a number of proposals to President Park Geun-Hye in the light of a string of threats from North Korea over the last few weeks.

Mr Hammond and Australian Defence Minister Stephen Smith signed an agreement at the Australian-UK Ministerial meeting which will see the two countries share information, technology, policy and personnel in a bid to minimise costs. Mr Hammond said changing roles in Afghanistan and budgetary constraints were immediate shared concerns for both countries.